I'm trying to generate unextractable keys in the SCA 6000's keystore. The problem with using Java's keytool is that the keys are extractable and thus do not provide enough security, even though they are located in the hardware's keystore.
I currently use keytool like this:
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /root/java_code/pkcs11.cfg -genkeypair -keyalg RSA -alias test
When accessing the keystore from Java code, it really shows that the generated private key is extractable and not secure enough for my purpose
(when I print it after initializing the Provider and loading the KeyStore with the PIN):
PrivateKey privateKey = (PrivateKey) keyStore.getKey("test", null);
System.out.println("Private key: " + privateKey);
I get:
Private key: SunPKCS11-SCA6000 RSA private key, 1024 bits (id 3, token object, not sensitive, extractable)
...and the sensitive private key information is printed
Any suggestions how to make it work as wanted? Thank you.
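
Added example, not part of the original post: the SunPKCS11 provider configuration file accepts an `attributes` section that sets the PKCS#11 attribute template for keys the provider creates, which is where `CKA_SENSITIVE` and `CKA_EXTRACTABLE` are controlled. The `name` value is taken from the `SunPKCS11-SCA6000` output above; the `library` path is a placeholder, and the rest of the poster's `pkcs11.cfg` is not shown on the page.

```conf
# pkcs11.cfg passed to keytool via -providerArg (constructed example)
name = SCA6000
# Placeholder: path to the vendor's PKCS#11 library
library = /path/to/vendor/pkcs11/library.so

# Attribute template for every private key the provider creates on the token.
# Syntax: attributes(operation, keytype, keyalgorithm)
#   operation "*" covers both "generate" and "import"
#   keyalgorithm "*" covers RSA and any other key type
attributes(*, CKO_PRIVATE_KEY, *) = {
  CKA_SENSITIVE = true
  CKA_EXTRACTABLE = false
}
```

The template applies only to keys created after the change, so the existing `test` entry keeps its attributes and has to be regenerated under a new alias. Printing the new key as in the post should then no longer report `not sensitive, extractable`.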